Thursday, September 16, 2010

Un-Trusted Downloads May Crash Your PC

Cyber criminals may get into your PC via unsafe downloads online. So beware about such kind of downloads and ensure you are safe. Here is the full security awareness article for your reference, Just visit http://www.buzzle.com/articles/beware-about-hot-downloads-online.html

Tuesday, August 31, 2010

New Computer Security Forum Launched!



Recently Hermesmyth, an India based Online Marketing Services company has launched an new computer security forum “SafeScribble”. SafeScribble Computer Security Forum aims at discussing and solving computer virus related problems and, suggesting the best antivirus software for computer users.

SafeScribble PC Security Forum now invites antivirus technology experts to join the discussion and help grow the community by contributing security related articles and helping the forum users of their pc related questions. Also SafeScribble invites individuals and business users to share their virus related problems by registering in the discussion board for free and make use of it.

To register for free, please visit http://www.safescribble.com/


Monday, August 09, 2010

Web Server Security

Operating Systems still continue to be vulnerable to attacks if the security patches are not installed periodically, which gives way to malwares and massive internet worms. Sometime ago, the internet worm conficker, which is also known as downadup was creating big chaos over the internet, which lead to huge losses to the corporate and website owners. Meanwhile there was also number of buffer overflow attacks reported during the year 2009. It’s quite common that all the web servers do have vulnerability, but its good the website owner need to safeguard their valuable digital assets by periodically updating the security patches and by running quality server security software products, which would prevent from the web server being vulnerable i.e. accessible to the hackers.



Below are a few one-liner precautionary steps that will help you in securing your Web server.
1. Install the Security Patches whenever available
2. Check the client side of the website by running a Malware Scan to ensure the users are safe
3. Disable the unnecessary scripting languages in your web servers, as hacker may target them
4. Subscribe and Keep monitoring the security vendor's security alerts
5. Most importantly use a tough Alpha-numeric-Symbol based password
6. Check for vulnerabilities by running a vulnerability analyser to check your web server security holes
7. Set up permissions at different levels so that no one can access as an administrator, expect the person intended for.
8. DON'T test any new or unknown scripts in your main web server, because some untrusted scripts may inject a malware in your server

Also, now Google provides a free tool called "SkipFish" - a web application security reconnaissance tool, which can run a security audit to your website. Here is the link for your convenience http://code.google.com/p/skipfish/
Still wondering how the attack takes place, here is a pictorial representation of Top Cyber Security Risks by Sans.org http://www.sans.org/top-cyber-security-risks/tutorial.php

Tuesday, June 08, 2010

Top Identity Theft Methods

According to the FTC, over the past 5 years over 27.3 million people have had their identity stolen. That's a scary number, made more concerning by the fact that most people don't even realize their identity has been "borrowed" until after the damage is done. At this very minute, someone could be merrily opening credit card accounts and applying for mortgages under your name. It's important to take steps to actively protect your identity. The first step is to be aware of the various methods thieves have of obtaining your personal information. Some of them are predictable, while others are more surprising. The list below is a great starting point.
  • Getting your credit card information during an in-person transaction: This usually happens at a retail location where you're using your credit card to make a payment. Thieves can see and memorize your credit card info (or just write it down) and then turn around and use it to make their own purchases. They have even been known to resort to taking pictures of your card with a long range camera lens!
  • Stealing your mail: Make sure your mailbox has a sturdy lock, and that you keep a close watch on your mail trends. Haven't gotten any mail for a while? A thief may have submitted a change of address on your behalf to have your billing statements mailed to an address they control. They can then apply for credit card offers that you receive and obtain credit cards in your name.
  • Stolen wallets or purses: If your wallet or purse has been taken or "lost," immediately cancel all the credit cards. This is also a good time to put a credit freeze on your credit records at all 3 credit bureaus and start looking into identity theft protection services.
  • Dumpster diving: You'd be surprised how much personal information people throw in the trash. It's easy for thieves to acquire this information and use it for their own means. Make sure you shred all your documents and take the proper precautions.
  • Eavesdropping on phone conversations: People are usually pretty lax about what they'll say on the phone. With the advent of mobile phones, it's very easy for a thief to overhear you divulging personal information to a friend. Always be aware of what you're saying and who might be around you.
  • Phishing: This is a common email scam where you receive an email from a company of authority, such as your bank, PayPal or eBay. The email will ask you to provide personal information (like a password) by responding to the email or going to a link in the email, or even by calling them. Do not ever respond to these emails! No legitimate company will ever ask you for personal information via email.
  • Computer viruses: Hackers can create viruses that will invade your computer, acquire personal information, and send that information back to the hacker. Always have a current version of internet security software installed on your computer and make sure you keep it up to date.
  • Intercepting data from insecure sites or networks: If you're accessing your bank account or shopping online, make sure the site is encrypted. Look for a "https://" at the front of the URL. This indicates the site utilizes SSL encryption to keep your online transactions safe.
  • Pretexting or Social Engineering: This occurs when a thief uses false pretenses to get your personal information. One popular scheme is to call you, pretending to be your bank, utility company or other institution that might have access to your personal information. They will then ask for you to provide or confirm some piece of personal information. If someone calls you, don't give this information to them. Instead, look up the number of the company (if it's a bank or credit company, usually the number will be on the back of your card), and call them directly.


Some of the schemes mentioned above are fairly easy to protect against, others are more challenging. It's a good idea to stay on top of your credit records, as suspicious changes or updates to your credit history can indicate potential identity theft. The easiest way to do this is by signing up for an identity theft protection These services will usually monitor your credit history and actively stay on top of any leaks or use of your personal information.

Tuesday, February 23, 2010

Internet Landmines - what can a click do?

It is unbelievable how much harm a single click can do. Yet many people flirt around innocently with the internet, unaware of the dangers that are out there. In a lot of ways internet is like an area filled with landmines and any step of yours can be lethal.

Time is premium for most people these days and most of us assume and neglect some critical aspects of internet browsing. In a recent survey, it was concluded that more than 90% of internet users click “OK” or “YES” without reading the content. When installing software, most people in their haste to install their product, click “Next” without reading what they are signing up for, this becomes a habit beyond a point. This is exploited by some of the hackers.

Just a small wonder- have you ever read the term and conditions while signing up for mail account or while installing software? Answer it yourself :)

Many types of software are designed to send back information to the server computer on a regular basis. This information can vary between internet user patters to system resource usage patterns. Even many popular security software products send such information, which is later populated to develop a better product. But sometimes other malicious software might send out vital information such as your credit card information, SSN, or even bank account number and some other important documents which may be stored in your PC for your personal use.
In spite of advancement in the online security technology, there are many sites that pose various levels of threat to the computers. If you have a proper security system installed in your computer, you will be warned. But many people take this lightly, but without your knowledge your security is compromised.

This happens, mostly in case of firewall software’s – when there is a some network trying to access your computer, most of them don’t even have look at what message is being shown in the pop-up and just click “Allow” – sometimes a traffic which needs a “Deny” would be allowed.

Since most of the world, other than Europe and North America, is only recently getting acquainted with the internet. There are many unaware users on the internet. It is not difficult to get the hang once you have been browsing for a while, but initially people trust most of websites what they see, as most of them for a fact lack experience and are unaware about the online security threats.

So here is a little important information that computer users can follow.

• Read and Think before you click “Yes” or “I Agree”
• See if the website has got a “Privacy Policy”
• Always trust sites which are verified by Third Party i.e. having SSL certificate.
• Be careful about phishing attacks through email – You many receive a email claiming it to be from bank, but actually sent by a hacker.
• Always have a look at the link address once before clicking on items. If the link address does not match with the parent site, it is better to avoid such a link.
• Never click on suspicious links.
• Read the security alerts/ pop-ups, before you proceed to click “Access” “Yes” or “Deny”.
• Do not provide your personal information over chat to unknown persons.
• Do not share your passwords
• Have a Virus Scanning Software.

Wednesday, February 10, 2010

Day-to-Day activities that increase risk of ID theft

Everyday activities like using their phone, browsing the web and shopping can increase their risk of becoming victims of identity theft.

Steven Domenikos, CEO of IdentityTruth shares his list of 8 everyday activities that increase an individual’s risk for ID theft – I thought you may be interested in sharing these with your readers?

Phone Home: Smart phones are more popular than ever. In the rush to grab a piece of the pie, phone vendors and carriers will perhaps sacrifice security for market share. While Apple vets all iPhone apps, some others - notably Android Market - do not. Fake banking apps have been discovered on Android Market and have been subsequently removed – but not before they were downloaded and used by an unnamed number of victims.

Apple, of course, is vulnerable as well. With the lion’s share of the Smart Phone market, the successful release of a rogue application, even if only for a few days, would result in a huge payoff for the perpetrators. A May 2009 survey conducted by Trend Micro revealed that 1 in 5 Smart Phone users admitted to having been the targets of phishing scams.

Staying Connected: It seems that everyone has at least one profile on a social networking site - and many people have more than one. Besides the spam friend requests that are received, presumably in an effort to get past the spam email filters, there are the add-on helper applications that pose just as much a danger as the rogue smart phone apps referenced above.

The data contained on these sites when combined with information contained on school re-union sites, resume and job-search sites and other public information could be used to build personal profiles, and enable identity thieves to steal your whole persona.

Check that URL: In October 2009, ICANN approved the user of non-western characters in web addresses. Beginning in mid-2010, one will begin to see addresses in Arabic, Greek, Hindi, Japanese, Korean, Cyrillic and others. With certain foreign characters looking like western characters, it is easy to see that the scam artists will use these to impersonate valid sites. Surely the security software will eventually catch up. But in the meantime, users will need to beware.

It’s in the mail: When you receive applications for “preapproved credit cards in the mail” be sure that you open and shred the enclosed materials before throwing them away. According to the US Department of Justice: Criminals may retrieve those applications to try and activate the cards for their use without your knowledge. Also, if your mail is delivered to a place where others have ready access to it, criminals may simply intercept and redirect your mail to another location.

Longer Log-ins: A recent report from Imperva shows the most commonly used passwords, including “123456” and “iloveyou”. Having such an easy-to-guess password – and worse, using it for multiple websites/services – makes you easier to target. Choose complex passwords that include both letters and numbers, never use the same password for more than one website, and change your passwords frequently – at least every 3 months.

To reply?: If you get an email from any institution - be it your bank, your credit card company or the IRS asking that you reply with sensitive personal information do not respond under any circumstances. These phishing emails are still used by identity thieves preying on people that are too trusting, or too rushed to think twice.

Trash that: Dumpster Diving is not an Olympic sport – it is a practice by which criminals comb through trash looking for personal financial information – cancelled checks, bank statements, credit card statements and more. Be sure to shred any and all documents containing any personal information before throwing them away.

Shop till you drop: Double check all receipts from stores and ATMS – they may contain account information that identity thieves can use. Also, try to avoid kiosk ATMs - those freestanding units often do not have cameras and are statistically more likely to be infected by skimmers (electronic devices that allow thieves to record account and PIN numbers).

Always check if there is a SSL Certificate (https://) present in the website while you do Online Shopping. Not only in a shopping site, but also check if the page is secure in case you provide your confidential and personal details.

Wednesday, January 27, 2010

Internet security - must know for PC users

Everyone has a PC today, but they also get attacked by computer viruses all the time. Though PC penetration has been on the raise, the percentage of internet security conscious users has reduced.

Here are a few tips for readers to understand the DOs and DONTs on the internet

DOs

The foremost thing to do when you are an internet user is to install an internet security product. The product should essentially contain a working firewall system and a database of virus information to help protect your computer from any latest security threats.

The second thing is to educate yourself, on the levels of safety of various sites. Though it might seem that most site seem credible, with a days it should be easy for anyone to get a hang of which sites are safe and which ones are not.

Beware of what you download. Most of the viruses in the internet spread through downloads. Having said that one of the major activities on the internet is to download relevant data from the internet. Make sure you run a virus scan to ensure that the downloaded item is virus free.

Learn more about the internet security and how vulnerable your computer is. Learn to change the settings of your system to ensure that there is no possibility of an attack.

Buy K7 Total Security

DONTs

Do not use your credit card or back account number is an unauthorized site. Many cases are reported along these lines when members have given their security details on the internet which was misused.

There are many viruses that spared through emails. When opening an email always beware of a threat. Do not open executable files when sent through email from an unknown sender.

Always carry financial transactions, only through secure websites. These sites have been verified by a third party to ensure the cash transfer process is secure. The site will begin with https:// if it is a SSL secured website.

Don’t leave your system logged in, which can be misused by other users. It is advisable to "Lock Before You Walk" from your Computer.

Is taking a Bank Loan Good or Bad?

Definitely taking a bank loan shouldn't be a choice for you and should be the last resource if you need to. You may be wondering, why am...